Malicious PDF — malware analysis report

Static analysis result for SHA-256 409136b40ddcc42f…

MALICIOUS

PDF

44.0 KB Created: 2018-11-30 20:23:39 +03:00 Authoring application: - (via Acrobat Distiller 3.0 for Power Macintosh)
MD5: 32cab8e875a15585a1d1b10344f9d27e SHA-1: b23894fb185f487f7d37d86182501eae62f8e5ff SHA-256: 409136b40ddcc42f7d2ae4816bb44271ad45b34e75231a783adeaf07c683506e
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Link T1059.001 PowerShell

The PDF is small (44 KB) but carries some 40 link annotations, all pointing to external .pdf paths on the single host 'gorillawalker.com'. This is the signature of a generated link-farm carrier, used for SEO manipulation or to route users who click through into malicious or unwanted-software delivery chains, rather than a normal citation pattern. The ML classifier independently scored the file as malicious (0.8439). No JavaScript or other scripts were extracted, so the static pass cannot identify a specific payload-delivery mechanism; in particular, the T1059.001 (PowerShell) mapping is not supported by any artifact observed in this file and should be treated as a generic post-click expectation, not an extracted indicator. Note also that the producer string (Acrobat Distiller 3.0 for Power Macintosh, a mid-1990s product) is inconsistent with the 2018 creation timestamp, which is typical of templated or spoofed document metadata. The nine URLs at the end of the extracted list are XMP namespace identifiers from the document metadata, not link targets.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The gorillawalker.com entries below are link-annotation targets; the trailing w3.org, purl.org, ns.adobe.com and aiim.org entries are XMP/RDF namespace URIs from the metadata stream and are benign schema identifiers, not clickable links.
    • http://www.gorillawalker.com/usmle-road-map-emergency-medicine-lange-usmle-road-maps.pdf
    • http://www.gorillawalker.com/leveled-poems-for-small-group-reading-lessons-40-just-right.pdf
    • http://www.gorillawalker.com/fixing-you-shoulder-elbow-pain-self-treatment-for-rotator-cuff.pdf
    • http://www.gorillawalker.com/unspoken-words.pdf
    • http://www.gorillawalker.com/tibetan-folk-tales.pdf
    • http://www.gorillawalker.com/collins-easy-learning-english-spelling.pdf
    • http://www.gorillawalker.com/noodles-and-rice-a-guide-to-cooking-and-eating-chinese.pdf
    • http://www.gorillawalker.com/the-muscular-system-manual-the-skeletal-muscles-of-the-human.pdf
    • http://www.gorillawalker.com/children-and-number-difficulties-in-learning-mathematics.pdf
    • http://www.gorillawalker.com/issues-in-industrial-marketing-a-view-to-the-future-proceedings.pdf
    • http://www.gorillawalker.com/the-roi-analysis-project-management-office-development-pmo-projections-charter.pdf
    • http://www.gorillawalker.com/kaizen-assembly-designing-constructing-and-managing-a-lean-assembly-line.pdf
    • http://www.gorillawalker.com/dive-a-novel.pdf
    • http://www.gorillawalker.com/embers-wings-of-war-volume-1.pdf
    • http://www.gorillawalker.com/heroic-image-in-chile-arturo-prat-secular-saint.pdf
    • http://www.gorillawalker.com/panama-s-travel-and-tourism-boom-country-report-panama-an.pdf
    • http://www.gorillawalker.com/counting-supplementary-notes-and-solutions-manual.pdf
    • http://www.gorillawalker.com/learning-to-experience-the-etheric-world.pdf
    • http://www.gorillawalker.com/the-sword-and-the-shield-unabridged-audible-audio-edition.pdf
    • http://www.gorillawalker.com/mhd-energy-conversion-physiotechnical-problems-progress-in-astronautics-and-aeronautics.pdf
    • http://www.gorillawalker.com/i-wandered-lonely-as-a-cloud-and-other-poems-you.pdf
    • http://www.gorillawalker.com/field-artillery-and-firepower.pdf
    • http://www.gorillawalker.com/dinosaurs-fun-facts-photos-of-animals-for-kids-discover-our.pdf
    • http://www.gorillawalker.com/keyboard-instruments-study-of-keyboard-organology-1500-1800-the-dover.pdf
    • http://www.gorillawalker.com/american-elegy-a-family-memoir.pdf
    • http://www.gorillawalker.com/the-cattle.pdf
    • http://www.gorillawalker.com/d-vine-restaurant-the-cookbook.pdf
    • http://www.gorillawalker.com/end-of-the-great-harappan-tradition.pdf
    • http://www.gorillawalker.com/introduction-to-medical-surgical-nursing-pageburst-e-book-on-vitalsource.pdf
    • http://www.gorillawalker.com/dances-of-anahuac-the-choreography-and-music-of-precortesian-dances.pdf
    • http://www.gorillawalker.com/assessment-in-speech-language-pathology-a-resource-manual-includes-premium.pdf
    • http://www.gorillawalker.com/switching-places-femdom-feminisation-erotica-kindle-edition.pdf
    • http://www.gorillawalker.com/behind-the-postmodern-facade-architectural-change-in-late-twentieth-century.pdf
    • http://www.gorillawalker.com/the-united-states-constitution-a-graphic-adaptation.pdf
    • http://www.gorillawalker.com/bow-sports-car-days-2010.pdf
    • http://www.gorillawalker.com/tears-in-the-darkness-the-story-of-the-bataan-death.pdf
    • http://www.gorillawalker.com/god-gave-me-you-a-rhyming-picture-book-for-young.pdf
    • http://www.gorillawalker.com/semiconductor-nanowires-from-next-generation-electronics-to-sustainable-energy-rsc.pdf
    • http://www.gorillawalker.com/ceremonies-of-the-dead.pdf
    • http://www.gorillawalker.com/things-i-need-things-i-want-rosen-common-core-readers.pdf
    • http://www.gorillawalker.com/fixing-you-shoulder-elbow-pain-self-treatment-for-rotator
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://www.aiim.org/pdfa/ns/extension/
    • http://www.aiim.org/pdfa/ns/schema#
    • http://www.aiim.org/pdfa/ns/property#
    • http://www.aiim.org/pdfa/ns/id/
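The two heuristics above (PDF_SEO_LINK_FARM and the per-channel EMBEDDED_URL labelling) can be reproduced with a few lines of Python. The block below is an added example, not the scanner's own code: it builds a constructed minimal PDF in memory (host www.example-farm.test and all link targets are made up, standing in for the report's gorillawalker.com list), extracts URLs from raw bytes by channel (link-annotation /URI actions, XMP xmlns namespace declarations, and anything else left over), then applies assumed thresholds for file size, link count and single-host clustering. The thresholds are illustrative assumptions, not the values the scanner uses.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# --- URL extraction by channel ------------------------------------------------
URI_ACTION = re.compile(rb"/S\s*/URI\b[^>]*?/URI\s*\(([^)]*)\)")  # /A << /S /URI /URI (...) >>
XMP_BLOCK = re.compile(rb"<x:xmpmeta.*?</x:xmpmeta>", re.S)        # XMP metadata stream
XMLNS = re.compile(rb'xmlns:[A-Za-z0-9_]+="(https?://[^"]+)"')     # namespace URIs inside XMP
ANY_URL = re.compile(rb"https?://[^\s()<>\"']+")                    # fallback: anything else


def extract_urls(pdf_bytes: bytes) -> list[tuple[str, str]]:
    """Return (url, channel) pairs. Channel is link_annotation, xmp_namespace or unlabelled."""
    found, seen = [], set()

    def add(url: str, channel: str) -> None:
        if (url, channel) not in seen:
            seen.add((url, channel))
            found.append((url, channel))

    for m in URI_ACTION.finditer(pdf_bytes):
        add(m.group(1).decode("latin-1"), "link_annotation")
    for blk in XMP_BLOCK.finditer(pdf_bytes):
        for ns in XMLNS.finditer(blk.group(0)):
            add(ns.group(1).decode("latin-1"), "xmp_namespace")
    known = {u for u, _ in found}
    for m in ANY_URL.finditer(pdf_bytes):  # e.g. plain text in a content stream
        u = m.group(0).decode("latin-1")
        if u not in known:
            add(u, "unlabelled")
    return found


def channel_counts(pdf_bytes: bytes) -> dict[str, int]:
    counts: dict[str, int] = {}
    for _, ch in extract_urls(pdf_bytes):
        counts[ch] = counts.get(ch, 0) + 1
    return counts


# --- PDF_SEO_LINK_FARM heuristic (assumed thresholds) -------------------------
def pdf_seo_link_farm(pdf_bytes: bytes, max_size=200 * 1024, min_pdf_links=20, min_host_share=0.8) -> dict:
    """Fires when a small file has many clickable external .pdf links dominated by one host."""
    pdf_links = [u for u, ch in extract_urls(pdf_bytes)
                 if ch == "link_annotation" and urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname or "" for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    fires = len(pdf_bytes) <= max_size and len(pdf_links) >= min_pdf_links and share >= min_host_share
    return {"size": len(pdf_bytes), "pdf_link_count": len(pdf_links),
            "top_host": top_host, "top_host_share": round(share, 3), "fires": fires}


# --- Constructed sample PDF (not the analysed file) ---------------------------
def build_sample_pdf(link_urls: list[str], xmp_namespaces: list[str], body_text: str) -> bytes:
    """Minimal PDF: one page, one content stream, an XMP metadata stream, one /Link annot per URL."""
    xmp = ('<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           + " ".join(f'xmlns:ns{i}="{ns}"' for i, ns in enumerate(xmp_namespaces))
           + "></rdf:RDF></x:xmpmeta>")
    content = f"BT /F1 10 Tf 20 700 Td ({body_text}) Tj ET"
    first_annot = 6  # objects 1-5 are catalog, pages, page, content, metadata
    annot_refs = " ".join(f"{first_annot + i} 0 R" for i in range(len(link_urls)))
    objs = [
        "<< /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >>",
        "<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R /Annots [{annot_refs}] >>",
        f"<< /Length {len(content)} >>\nstream\n{content}\nendstream",
        f"<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\nstream\n{xmp}\nendstream",
    ]
    objs += [f"<< /Type /Annot /Subtype /Link /Rect [20 {750 - 12 * i} 300 {760 - 12 * i}] "
             f"/A << /S /URI /URI ({url}) >> >>" for i, url in enumerate(link_urls)]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += f"{num} 0 obj\n{body}\nendobj\n".encode("latin-1")
    xref_pos = len(out)
    out += f"xref\n0 {len(objs) + 1}\n0000000000 65535 f \n".encode()
    out += b"".join(f"{off:010d} 00000 n \n".encode() for off in offsets)
    out += f"trailer\n<< /Size {len(objs) + 1} /Root 1 0 R >>\nstartxref\n{xref_pos}\n%%EOF\n".encode()
    return bytes(out)


FARM_HOST = "www.example-farm.test"  # constructed; stands in for the report's link-farm domain
SAMPLE_LINKS = [f"http://{FARM_HOST}/book-title-{i:02d}.pdf" for i in range(24)] + [
    "https://www.example.org/paper.pdf",  # one .pdf link on a second host
    "http://www.example.org/",            # a non-.pdf link: counted as a link, not as a farm target
]
SAMPLE_XMP_NS = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#",
                 "http://purl.org/dc/elements/1.1/", "http://ns.adobe.com/xap/1.0/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP_NS, "Visit http://www.example.org/contact")

if __name__ == "__main__":
    for url, channel in extract_urls(SAMPLE_PDF):
        print(f"{channel:16} {url}")
    print(pdf_seo_link_farm(SAMPLE_PDF))
```

The XMP namespaces come out labelled separately from the link annotations, which is what keeps the w3.org/purl.org/adobe.com/aiim.org entries from inflating the link-farm count; only /Link annotations whose target path ends in .pdf contribute to the host-clustering ratio.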